RDP Through a Complex Home Network

This project involves configuring various network devices to allow a remote desktop connection between 2 computers. The problem I have is that my Cisco lab is upstairs and my desktop with the big monitor is downstairs. How did I connect them so I could control the Cisco lab from a remote location?

The not so elegant solution I had was to plug my desktop into the wireless router so that both computers were on the same subnet. That's great if I'm at home but doesn't work if I need to connect from a different location. I had a general notion of the solution to begin with but was woefully unequipped when it came to documentation. Numerous Google searches turned up nothing. I knew the solution involved port forwarding but how to enable it was the problem. Through trial and error I arrived at a working configuration in about a half hour.

Below is a diagram of my network with the relevant network interfaces. My ISP connection is a Motorola Cable Modem. I have a 4 port switch connected to the cable modem. A Vonage Adaptor and the Desktop PC are directly connected to the switch, and both receive public internet addresses. The typical ISP customer will only have 1 public address available but can purchase the use of additional addresses, which is what I have done. Connected to the Vonage Adaptor is a Trendnet wireless router. Connected to the Trendnet wireless router is a laptop, which is in turn connected by console cable to my Cisco lab (not shown).

The actual solution is:

Vonage Adaptor --> forward port 3389 external to 3389 on the Trendnet Router
Trendnet Router --> forward port 3389 external to 3389 on the Laptop

Actually getting it to work is a bit more complicated. Let me explain some of the terminology. External interface refers to the wide area network (WAN) connection of a device. It is the interface on the side which receives packets from the internet or another outside source. Internal interface refers to the local area network (LAN) connection of a device. In my diagram I have labeled all the WAN interfaces. The LAN interfaces in this example are the same as the management interfaces. Port forwarding is the process of redirecting a connection through the 2 interfaces. In this scenario I kept it simple by using the default port of the remote desktop protocol (RDP), which is 3389/TCP.

Step 1: Configure the Vonage Adaptor

This step is done from the Laptop, as it can establish a connection to the Vonage Adaptor by launching a web browser and entering the address 192.168.102.1. The address of the web interface will vary by manufacturer and product. On the Vonage Adaptor I had to configure a virtual server with the settings:

IP: 192.168.102.100 (WAN interface on the Trendnet router)
Port: 3389 (default port for RDP protocol which is what MS Terminal Services Client uses)
Transport: TCP (this setting has 2 options, TCP and/or UDP)

What I just did was tell the Vonage Adaptor to forward any traffic it received on port 3389 on its external interface to port 3389/TCP on the external interface of the Trendnet router. What's sort of confusing, because it's not shown, is that the packet is exiting the Vonage Adaptor through its internal interface, 192.168.102.1, via port 3389/TCP. Without going into a lot of detail about routing, the Vonage Adaptor's internal and external interfaces are implicitly assumed to know about each other.

Step 2: Configure the Trendnet Wireless Router

This step is performed from the Laptop as well. Launch a web browser and connect to the address 192.168.1.1. Again, different manufacturers use different addresses for their management interfaces. My router has a setting called Virtual Server, which is where I enable port forwarding. The specific settings involved are:

Enable: Enable
Name: RDP (name of the protocol)
Protocol: TCP (RDP uses TCP as opposed to UDP)
Private Port: 3389 (port on the internal interface)
Public Port: 3389 (port on the external interface)
LAN Server: 192.168.1.101 (address of the laptop)

To test the connection I go to the desktop PC and click Start --> Run --> mstsc. I enter the address 71.202.233.156.
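
The two-hop forwarding chain configured above, modelled as an added example (not part of the original article): each device's virtual-server rule rewrites the destination, and the trace shows where a connection ends up or which device drops it. The `Rule`, `DEVICES` and `trace` names are hypothetical, and treating 71.202.233.156 as the Vonage Adaptor's WAN address is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One virtual-server (port-forward) entry on a NAT device."""
    proto: str
    public_port: int    # port on the device's external (WAN) interface
    lan_server: str     # address the connection is redirected to
    private_port: int   # port on that address

# WAN address -> (device name, rules). Addresses are the ones in the article;
# treating 71.202.233.156 as the Vonage Adaptor's WAN address is an assumption.
DEVICES = {
    "71.202.233.156": ("Vonage Adaptor", [Rule("tcp", 3389, "192.168.102.100", 3389)]),
    "192.168.102.100": ("Trendnet Router", [Rule("tcp", 3389, "192.168.1.101", 3389)]),
}

def trace(devices, dst_ip, dst_port, proto="tcp", max_hops=8):
    """Follow a connection through each NAT hop.

    Returns (path, outcome): path lists the (ip, port) destinations in order;
    outcome is "delivered", "dropped at <device>", or "loop".
    """
    path = [(dst_ip, dst_port)]
    for _ in range(max_hops):
        if dst_ip not in devices:
            # Not a forwarding device, so this is the end host.
            return path, "delivered"
        name, rules = devices[dst_ip]
        match = next((r for r in rules
                      if r.proto == proto and r.public_port == dst_port), None)
        if match is None:
            # No virtual server for this port/protocol on the WAN side.
            return path, f"dropped at {name}"
        dst_ip, dst_port = match.lan_server, match.private_port
        if (dst_ip, dst_port) in path:
            return path, "loop"
        path.append((dst_ip, dst_port))
    return path, "loop"

if __name__ == "__main__":
    for port in (3389, 3390):
        path, outcome = trace(DEVICES, "71.202.233.156", port)
        print(port, " -> ".join(f"{ip}:{p}" for ip, p in path), outcome)
```

Check that the last entry of the path is the laptop (192.168.1.101:3389); removing the rule on either device makes the trace end in "dropped", which is the state to expect when the forward has been disabled.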

The astute reader may have noticed that I have 2 different subnets and most likely a DHCP server running on each subnet. That is the case due to QoS issues with the Vonage Adaptor. It needs to be upstream and not on the same subnet as the router.

The purpose of this article was to provide a framework of how port forwarding works so that the reader can fully utilize their home networking equipment and not be hindered by poor documentation. The main point is that services like Terminal Services communicate using ports as their endpoints. You configure your network devices' external and internal interfaces to point where you want the packet to go.

It's also very important to note that you MUST have security measures in place if you plan to do this. At the very least, a firewall and a very strong password. I would even recommend disabling any public ports when you don't plan to use them.